Key Takeaways
- In Verizon DBIR, 61% of breaches involved stolen credentials or credential-related attacks, which are often harvested through URL-based phishing
- In Google’s Transparency Report, the number of Safe Browsing-related removals and user protections scale globally across billions of URLs processed
- In a study of phishing URL features, models using lexical and host-based features achieved high detection rates (e.g., >90% in benchmark settings), supporting the measurable distinguishability of malicious URLs
- In the 2024 IBM Cost of a Data Breach report, organizations with faster incident detection (less than 200 days to identify/contain) reduce average breach cost by measurable amounts
- A 2024 Gartner report preview notes that organizations that adopt security awareness and web protection reduce phishing-related incidents by measurable margins in case studies (quantified in report)
- In the 2024 IBM Cost of a Data Breach report, the average time to contain a breach was 73 days (median time to contain).
- 29% of organizations use URL filtering solutions as part of their security stack (survey), helping reduce user navigation to malicious URLs
- In a 2023 industry survey, 34% of organizations used browser isolation/secure access methods to mitigate risky web content and malicious links
- A 2024 CISA advisory notes that URL shorteners can be abused for social engineering/phishing, and provides mitigation guidance for organizations
- A 2021 peer-reviewed study reported that character-level models using URL tokens reduced false positives while maintaining detection rates above 90% on public phishing URL datasets.
- PhishTank’s community feeds processed millions of URL submissions during 2023, reflecting high volumes of reported phishing URLs for reputation/labeling workflows.
- Virustotal reported that it analyzed tens of billions of URLs/files during 2023 through its public scanning services.
- In 2024, Google Safe Browsing prompted protections for users at scale, reporting that its removals and warnings cover hundreds of millions of potentially unsafe URLs.
- In the 2024 Cloud Security Alliance guidance, 2 out of 3 organizations reported that web application attacks are a key concern for cloud environments (survey result).
- In the 2024 UK Cyber Security Breaches Survey, 9% of businesses reported suffering ransomware (percentage experiencing this threat type).
Phishing dominates today’s breaches, but smarter URL filtering and faster detection measurably reduce impact and cost.
Related reading
01 · Category
Threat Landscape8 stats
Threat Landscape Interpretation
02 · Category
Cost Analysis3 stats
Cost Analysis Interpretation
03 · Category
Security Controls3 stats
Security Controls Interpretation
04 · Category
Detection Performance1 stats
Detection Performance Interpretation
More related reading
05 · Category
Operational Metrics4 stats
Operational Metrics Interpretation
06 · Category
Industry Adoption2 stats
Industry Adoption Interpretation
07 · Category
Industry Trends1 stats
Industry Trends Interpretation
Cite This Report
This report is designed to be cited. We maintain stable URLs and versioned verification dates. Copy the format appropriate for your publication below.
Diana Reeves. (2026, February 13). URL Statistics. Gitnux. https://gitnux.org/url-statistics
Diana Reeves. "URL Statistics." Gitnux, 13 Feb 2026, https://gitnux.org/url-statistics.
Diana Reeves. 2026. "URL Statistics." Gitnux. https://gitnux.org/url-statistics.
Sources & references
22 datasets cited across this report · attribution is report-level
+6 additional datasets cited (not shown individually)

